There have not been many instances where the DPA is enforced. And enforcement happens on a national level, not EU.
Someone has to file a complaint at some national watchdog, who then investigates (which can take a long time), and then can fine the business. This happened only a handful of times in the EU over the past few years, not sure about Zoom specifically.
The title here is quite suggestive, this is limited to one feature of zoom (recording) and transferring data outside of the EU without sufficient guarantees that users data privacy is guarded. Of course this goes much further than just zoom, but in the narrow context of the case (the use of Zoom by German authorities) it makes sense to be at least doing the right thing, whereas many companies would probably never even think about what the consequences are of streaming meetings through services such as Zoom, Google meet, Microsoft 'Teams' and so on.
Regardless of the legality it's a shitty implementation of a pretty simple concept, I'm not surprised their legal implementation is similarly broken, Zoom could easily set things up so EU customer data never leaves the EU. That would be the simplest solution to the problem.
Oh, and their conclusion 'The Hamburg DPA’s decision implies that it is unlawful for US-based data controllers to use Zoom.' is utter bullshit.
What this article really is is a thinly disguised advert for a for-pay event.
>First, the EU data protection authorities (DPAs) came for your newsletter (Mailchimp). Then, they came for your cloud storage provider (Cloudflare). And on Monday, the Hamburg DPA said using Zoom could be incompatible with the GDPR’s data transfer rules.
Alternate subtitle:
First, the your spam service (Mailchimp) stole your personal information. Then, your MitM-as-a-service (Cloudflare) stole your personal information. And now, the meeting service with flagrant disregard for privacy and security and several useful alternatives available (Zoom) stole your personal information. The EU told them all to knock it off.
It's basically a pointless publicity stunt. The law in question provides a hole for private companies to allow them to scan for child molestation materials, allowing Apple and similar to do what they were intending on doing anyway.
There was a pressure to pass something quickly for whatever reason (I'm sure has nothing to do with Silicon Valley lobbyists), it's "legally flawed" and it will crumble in front of the court.
It's a performance for the sake of the performance. European MPs pretend that they're doing something about the problem without ever even beginning to address it, fully aware that courts will undo their "effort", at which point they'd be like "oh well, we did our part".
US tech firms deem themselves to be above the law. Most countries can't even do anything about it.
Once in a blue moon EU squeeses them where it hurts, and you get these screams of "oh noe, US firms that operate how the please and pay no tax are being harrassed"! So entitled, its unbelievable.
What value do SCCs have if the country you operate in requires you do breach that contract on demand. I.e. if it is from the get-to-go known that you will likely not be able to uphold the contract.
29 comments
[ 3.3 ms ] story [ 73.2 ms ] threadregularly speed in their cars?
incorrectly dispose their waste?
use illegal narcotics?
not correctly pay taxes on things they sell?
Because most people don't care and risk of getting caught and then being fined for it is low enough.
Someone has to file a complaint at some national watchdog, who then investigates (which can take a long time), and then can fine the business. This happened only a handful of times in the EU over the past few years, not sure about Zoom specifically.
So, as per Betteridge's law of Headlines: No
More specifically: it applies when recording meetings
Most Zoom users are probably registered & logged in one way or the other.
Did none of you read the article? Do none of you understand GDPR?
Did you not read the guidelines?
https://news.ycombinator.com/newsguidelines.html
Regardless of the legality it's a shitty implementation of a pretty simple concept, I'm not surprised their legal implementation is similarly broken, Zoom could easily set things up so EU customer data never leaves the EU. That would be the simplest solution to the problem.
Oh, and their conclusion 'The Hamburg DPA’s decision implies that it is unlawful for US-based data controllers to use Zoom.' is utter bullshit.
What this article really is is a thinly disguised advert for a for-pay event.
If your organisation uses paid Zoom, you are probably already registered to Zoom, and this decision does very likely apply to you.
Alternate subtitle:
First, the your spam service (Mailchimp) stole your personal information. Then, your MitM-as-a-service (Cloudflare) stole your personal information. And now, the meeting service with flagrant disregard for privacy and security and several useful alternatives available (Zoom) stole your personal information. The EU told them all to knock it off.
There was a pressure to pass something quickly for whatever reason (I'm sure has nothing to do with Silicon Valley lobbyists), it's "legally flawed" and it will crumble in front of the court.
It's a performance for the sake of the performance. European MPs pretend that they're doing something about the problem without ever even beginning to address it, fully aware that courts will undo their "effort", at which point they'd be like "oh well, we did our part".
I hope so considering the precedent it sets but what makes you think that'll be the case?
This is not surprising.
Once in a blue moon EU squeeses them where it hurts, and you get these screams of "oh noe, US firms that operate how the please and pay no tax are being harrassed"! So entitled, its unbelievable.
What value do SCCs have if the country you operate in requires you do breach that contract on demand. I.e. if it is from the get-to-go known that you will likely not be able to uphold the contract.